diff options
author | Nick Kralevich <nnk@google.com> | 2013-05-07 23:39:58 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2013-05-07 23:39:58 +0000 |
commit | 71395562283b7f65ab12c9e2fddd5e8962311501 (patch) | |
tree | e24788e858913c0b3748859180c5676d1148bdab | |
parent | dd19bb90177f420b495ee66ef103cba32a4ff44d (diff) | |
parent | 33d8cd656a09badbd732a836351c1d301823b061 (diff) | |
download | source.android.com-71395562283b7f65ab12c9e2fddd5e8962311501.tar.gz |
Merge "security: update SELinux section." into jb-mr2-dev
-rw-r--r-- | src/devices/tech/security/enhancements43.jd | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/devices/tech/security/enhancements43.jd b/src/devices/tech/security/enhancements43.jd index 4ecae12b..277e010a 100644 --- a/src/devices/tech/security/enhancements43.jd +++ b/src/devices/tech/security/enhancements43.jd @@ -9,11 +9,13 @@ in Android 4.3: <ul> <li><strong>Android sandbox reinforced with SELinux.</strong> - Android now uses SELinux, - a mandatory access control (MAC) system in the Linux kernel originally - designed for government security, to augment the UID based Application - sandbox. This protects the operating system against potential security - vulnerabilities.</li> + This release strengthens the Android sandbox using the SELinux + mandatory access control system (MAC) in the Linux kernel. SELinux + reinforcement is invisible to users and developers, and adds robustness + to the existing Android security model while maintaining compatibility + with existing applications. To ensure continued compatibility this release + allows the use of SELinux in a permissive mode. This mode logs any policy + violations, but will not break applications or affect system behavior.</li> <li><strong>No setuid/setgid programs.</strong> Added support for filesystem capabilities |